Multiplicative complexity is the minimum number of AND-gates required to implement a given Boolean function in (AND, XOR) algebra. It is a good measure of a hardware complexity of an S-box, but an S-box cannot have too low multiplicative complexity due to security constraints. In this article we focus on generic constructions that can be used to find good n×n S-boxes with low multiplicative complexity. We tested these constructions in the specific case when n = 8. We were able to find 8 × 8 S-boxes with multiplicative complexity at most 16 (which is half of the known bound on multiplicative complexity of the AES S-box), while providing a reasonable resistance against linear and differential cryptanalysis.
ProCite
RefWorks
Reference Manager
BibTeX
Zotero
EndNote
-
[1]
Ballet, S. and Pieltant, J., On the tensor rank of multiplication in any extension of f2, Journal of Complexity, 27(2) (2011), 230–245. DOI 0885064X11000094 http://dx.doi.org/10.1016/j.jco.2011.01.008.URL http://www.sciencedirect.com/science/article/pii/S0885064X11000094
-
[2]
Bertoni, G., Daemen, J., Peeters, M. and Van Assche, G., Keccak sponge function family main document, Submission to NIST (Round 2), 3 (2009).
-
[3]
Bilgin, B., Nikova, S., Nikov, V., Rijmen, V. and Stütz, G., Threshold implementations of all 3 ×3 and 4 × 4 S-boxes, in: E. Prouff, P. Schaumont (eds.) CHES, Lecture Notes in Computer Science, vol. 7428, Springer (2012), pp. 76–91.
-
[4]
Biryukov, A., Cannière, C. D., Braeken, A. and Preneel, B., A toolbox for cryptanalysis: Linear and affine equivalence algorithms, in: E. Biham (ed.) Advances in Cryptology – EUROCRYPT 2003, Lecture Notesin Computer Science, vol. 2656, Springer-Verlag (2003), pp. 33–50. URL http://dx.doi.org/10.1007/3-540-39200-9_3
-
[5]
Bogdanov, A., Knudsen, L. R., Leander, G., Paar, C., Poschmann, A., Robshaw, M. J. B., Seurin, Y. and Vikkelsoe, C., PRESENT: An ultra-lightweight block cipher, in: P. Paillier, I. Verbauwhede (eds.) CHES, LectureNotes in Computer Science, vol. 4727, Springer (2007), pp. 450–466.
-
[6]
Boyar, J. and Peralta, R., Tight bounds for the multiplicative complexity of symmetric functions, Theor. Comput. Sci., 396(1–3) (2008), 223–246. DOI 10.1016/j.tcs.2008.01.030. URL http://dx.doi.org/10.1016/j.tcs.2008.01.030
-
[7]
Boyar, J. and Peralta, R., A new combinational logic minimization technique with applications to cryptology, SEA (2010), pp. 178–189
-
[8]
Boyar, J., Peralta, R. and Pochuev, D., On the multiplicative complexity of boolean functions over the basis (∧,⊕, 1), Theoretical Computer Science, 235(1) (2000), 43–57.
-
[9]
Bulygin, S., More on linear hulls of present-like ciphers and a cryptanalysis of fullround epcbc-96, Cryptology ePrint Archive, Report 2013/028 (2013). URL http://eprint.iacr.org/
-
[10]
Carlet, C., Goubin, L., Prouff, E., Quisquater, M. and Rivain, M., Higherorder masking schemes for S-boxes, in: Fast Software Encryption, Springer (2012), pp. 366–384.
-
[11]
Courtois, N., Hulme, D. and Mourouzis, T., Solving circuit optimisation problems in cryptography and cryptanalysis, Cryptology ePrint Archive, Report 2011/475 (2011).
-
[12]
Daemen, J. and Rijmen, V., The Design of Rijndael. Springer (2002)
-
[13]
Grosek, O., Magliveras, S., Tapuska, J. and Wei, W., Is Rijndael really independent of the field polynomial? Tatra Mountains Mathematical Publications, 33(1) (2006), 51–69.
-
[14]
Kocher, P. C., Jaffe, J. and Jun, B., Differential power analysis, in: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO ′99, Springer-Verlag, London, UK, UK (1999). pp. 388–397. URL http://dl.acm.org/citation.cfm?id=646764.703989
-
[15]
Mirwald, R. and Schnorr, C., The multiplicative complexity of quadratic boolean forms, Theoretical Computer Science, 102(2) (1992), 307–328. DOI 10.1016/0304-3975(92)90235-8. URL http://www.sciencedirect.com/science/article/pii/0304397592902358
-
[16]
Nyberg, K., Differentially uniform mappings for cryptography, in: T. Helleseth (ed.) Advances in Cryptology – EUROCRYPT ′93, Lecture Notes in ComputerScience, vol. 765 Springer, Berlin, Heidelberg (1994), pp. 55–64. DOI 10.1007/3-540-48285-7_6. URL http://dx.doi.org/10.1007/3-540-48285-7_6
-
[17]
Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C. and Ferguson, N., Twofish: A 128-bit block cipher, NIST AES Proposal, 15 (1998).
-
[18]
Wu, H., The hash function jh, submission to NIST (updated) (2009).
-
[19]
Yarkin Doröz Aria Shahverdi, T. E. and Sunar, B., Toward practical homomorphic evaluation of block ciphers using Prince, Cryptology ePrint Archive, Report 2014/233 (2014). URL http://eprint.iacr.org/
-
[20]
Zajac, P., A new method to solve MRHS equation systems and its connection to group factorization, Journal of Mathematical Cryptology, 7(4) (2013), 279–381. DOI 10.1515/jmc-2013-5012
-
[21]
Zajac, P. and Jókay, M., Multiplicative complexity of bijective 4 × 4 s-boxes, Cryptography and Communications, 6(3) (2014), 255–277. DOI 10.1007/s12095-014-0100-y. URL http://dx.doi.org/10.1007/s12095-014-0100-y
Monthly Content Usage
| Abstract Views | Full Text Views | PDF Downloads | |
|---|---|---|---|
| Sep 2020 | 2 | 0 | 0 |
| Oct 2020 | 0 | 0 | 0 |
| Nov 2020 | 2 | 0 | 0 |
| Dec 2020 | 4 | 0 | 0 |
| Jan 2021 | 6 | 0 | 0 |
| Feb 2021 | 6 | 0 | 0 |
| Mar 2021 | 0 | 0 | 0 |
Copyright Akadémiai Kiadó
AKJournals is the trademark of Akadémiai Kiadó's journal publishing business branch.
Copyright Akadémiai Kiadó AKJournals is the trademark of Akadémiai Kiadó's journal publishing business branch.
Powered by PubFactory